By defining interfaces tags, virtual routers can be used as part of Advanced Routing and Forwarding (ARF) that only use part of the overall routing table. For inbound data packets from the WAN, the assignment of interfaces tags can be regulated in different ways:
- By using appropriate firewall rules that only capture data packets from particular remote sites, IP addresses or ports
- Based on the routing table
- Via an explicit assignment of tags to remote sites.
This assignment of tags to the remote sites to separate ARF networks can also be conveniently used for packets received at the WAN-side (which by default contain Tag 0). Without controlling the assignment of tags explicitly with the firewall, the virtual router can be determined directly from the remote site or source route from the form of the interface tag. Inbound and outbound communication can thus be easily divided between virtual routers bidirectionally.
Note: The interface tags determined via the tag table and on the basis
of the routing table can be overwritten with an appropriate entry in
the firewall.